Infosecurity News
Almost half of employees admit to bypassing security controls
Security shouldn’t get in the way of doing business and closing sales, but many organizations are wrestling with data protection strategies that block employees' ability to get the information they need to do their jobs. Almost half of all employees in a recent survey admitted to bypassing security regulations in order to get their job done. That's breeding apathy, too: 40% admitted that if they were breached no one would notice.
Chrome extension briefly allows DRM-free downloads from Spotify: Encryption may not be the answer
A Chrome extension called Downloadify allowed DRM-free downloads from Spotify’s library of 20 million songs before remedial action by Spotify and withdrawal from the Chrome store by Google.
Despite widespread adoption, companies fail to implement BYOD policy
As the influx of personal mobile devices into the workplace continues apace, a new survey shows that security is both the top concern and top measure for success for enterprises implementing bring-your-own-device (BYOD) programs.
ISO approves eDiscovery standards development
The International Organisation for Standardisation has given its final approval for the development of an international standard for the discovery of electronically stored information (ESI), aimed at giving greater credibility to digital evidence in legal matters and forensics through the implementation of a secure framework and guidelines for the process.
SMS phishing leads to an advance fee spam scam across Europe
A web text phishing scam is spreading across Europe, with users being tricked into allowing thousands of spam text messages to be sent from their accounts – and sometimes resulting in huge phone bills.
Fake AV attack on DC-area media shows rise of mass compromises
Two local Washington DC media outlets – WTOP and sister station Federal News Radio – and the Dvorak Uncensored pundit blog all became the victims of bad actors looking to make a buck with scareware earlier this week. The stunt is indicative of a rising tide of mass compromises, researchers said.
AutoIT makes malware "outrageously easy"
AutoIT, a flexible coding language that’s been used since 1999 for scripting in Windows, is on the rise as a go-to development language for malware.
DoD approves Android, BlackBerry 10 smartphones for use by soldiers
US soldiers will soon be able to get their Android on…sort of. The US Department of Defense has approved the use of Samsung’s hardened, secure version of Android in smartphones used by the military, along with BlackBerry 10 devices.
Researchers hack Google’s Australian office building
“If Google can fall victim to an ICS attack, anyone can,” say researchers after taking over the building control system of Google’s Sydney, Australia offices.
Internet Explorer zero-day blamed for Department of Labor website attack
The watering hole campaign that targeted a US Department of Labor website was the result of a brand-new zero-day vulnerability affecting Internet Explorer 8 (CVE-2013-1347), and not a patched, known quantity as originally thought.
New online backup service scans for malware before saving files
Consumers often look to protect their assets in the event of computer theft, loss or an “incident” that wipes out files and requires a complete restoration.
Report: Chinese hackers drained secrets from top US military and spy contractor
Spies like us? Apparently so, as in, they’re just as vulnerable to Chinese hackers as anyone else. One of the top espionage and military contractors for the US, QinetiQ North America, has been successfully compromised and its information siphoned off, according to a Bloomberg report.
Trojans cause 80% of worldwide malware infections
When it comes to malware, the spawning rate of new threats does not appear to be slowing down at all: In the first quarter of 2013 alone, more than six and a half million new malware samples were created, according to Panda Security’s latest malware report.
58% Information Security Incidents Attributed to Insider Threat
The consumerization of computing has changed the IT landscape. Employees can and do now access corporate data from a multitude of devices in a multitude of locations. Where the ‘insider threat’ was once posed only by the occasional malcontent employee, it now comes from every naive employee on the payroll.
Video interview: NAC, BYOD, and advanced threat protection
Drew Amorosi, deputy editor of Infosecurity, interviews ForeScout’s Scott Gordon at last week’s Infosecurity Europe 2013 show in London.
Adobe adds security post to its executive management team
It’s an old face in a new place, as Adobe has promoted Brad Arkin to become the company’s first chief security officer.
Department of Labor website delivered malware to visitors
Europeans – not so much Americans – will not miss the irony of a US Department of Labor website serving malware apparently aimed at its own labor force on May 1: International Workers’ Day.
e-skills research demonstrates need for entry routes into cybersecurity careers
An information skills shortage in the UK is not disputed. Why that skills shortage exists and what can be done about it is the issue. Today a high-power (general) forum at The Spectator will seek answers, coinciding with a new (specialist) analysis published by Alderbridge and e-skills UK.
Feds look to extend wiretapping mandate to online services
Even as online privacy continues to be in the spotlight, a government task force is reportedly prepping legislation that would enable law enforcement officials to intercept online communications in real-time, via companies like Facebook and Google, in what is basically an extension of the CALEA wiretapping act.
Firefox sends FinFisher authors a cease and desist letter
FinFisher is a commercial spyware product produced by the UK’s Gamma International. It is widely implicated in government surveillance of national dissidents in countries with poor human rights records.